EVGA

Hot!EVGA devs - here is how you stop the bots

Page: 12 > Showing page 1 of 2
Author
strandedpirate
New Member
  • Total Posts : 18
  • Reward points : 0
  • Joined: 2018/10/31 14:05:59
  • Status: offline
  • Ribbons : 0
2020/09/19 02:50:16 (permalink)
It's called throttling and can be implemented in any programming language. Some proxy servers and CDN's have it built in or have plugins for it; so that may be an easy option for you if you already are using one of those. Bots are going to hit the site with more requests than any human possibly could in any given time window. Its obscenely easy to throttle requests by ip address and send a 429 response code (too many requests) and prevent those ip addresses from getting through successfully for XX minutes/hours. Just make sure that in your web farm you are recording this information in a shared store like a database or redis that is used across all of your web servers. Using in-memory storage is NOT an option here.
 
During your launch window you should ratchet up the rules and cordon these bots off in purgatory for extended periods of time (like hours) thereby allowing legitimate customers to make purchases.
 
In addition you should have a long-term blacklist table for storing ip addresses of known bots or DDOS networks and you could choose to throttle them (which they will likely detect and attempt to change ip's) or you could let them through and induce an artificial lag chosen at random on every page. E.g. let a bot in and then just artificially cause the page to load for thirty minutes. Another fun thing is to just let them in but show "Out of Stock" at all times.
 
So many fun and cool ways to screw with bots and losers. Go crazy.
#1

33 Replies Related Threads

    the_Scarlet_one
    EVGA Forum Moderator
    • Total Posts : 20784
    • Reward points : 0
    • Joined: 2013/11/13 02:48:57
    • Location: East Coast
    • Status: online
    • Ribbons : 76
    Re: EVGA devs - here is how you stop the bots 2020/09/19 04:03:34 (permalink)
    Out of curiosity, because I do not know much about this personally, what would stop the bot from using a VPN to mask their IP.

    Random Associate Code >> GDWZE7QOTF << this is NOT my associate code. I do not have an associate code. Feel free to use it to save a few bucks.

      <- Clickable link to my Main PC Specs
    #2
    DaWorstPlaya
    New Member
    • Total Posts : 30
    • Reward points : 0
    • Joined: 2019/12/14 18:18:11
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/19 07:16:21 (permalink)
    That's a great idea, I was actually thinking something like this would work where you put a random timer 5 minutes or greater before you allow a follow up request from an IP address (VPN or not it won't matter) to move forward. Eg: the "Next" or "Proceed" button won't show up until a countdown timer hit zero from the 5 minutes. Even humans who verify quickly would take about 5 minutes to fill and read through a page before moving on. Basically if you see multiple rapid requests from an IP address in a short period (bots), you blacklist that IP address and don't allow any more requests from that IP to move forward permanently. I like it, great idea.
    #3
    strandedpirate
    New Member
    • Total Posts : 18
    • Reward points : 0
    • Joined: 2018/10/31 14:05:59
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/19 07:19:33 (permalink)
    VPN's, masking, bouncing your traffic off 20 satellites like in the movies; is all irrelevant. Any ip that trips the throttling logic will be caught within ~5 secs and blacklisted. So if you're tunneling through a VPN and pegging the EVGA servers with your cool new bot - guess what? That VPN's ip becomes blacklisted. It's irrelevant that you "masked" your real ip; don't care. They can't use that particular VPN's ip ever again and they must move to another. Bots can change their IP, tunnel through as many VPN's as they want; it doesn't matter because whatever ip's they expose their little bot through will ultimately be blacklisted within a short time span. They will quickly run out of ip's and be SOL. If EVGA does a postmortem they can look at the blacklisted ip's captured during a release combined with geo-location and identify entire ip ranges are likely being used by bots and all around jerk wads. Then they can preemptively blacklist entire ranges of ip addresses so that ip's the bot hasn't even used yet are now SOL.
     
    This is of course all reliant on how the devs write the code and define the throttling rules. As long as the devs implement the code correctly and commit to long term banning/cordoning of throttled ip's then future releases will go much smoother. Ideally you want to handle throttling in the cloud where the infrastructure spans multiple data centers and many horizontal machines capable of handling the massive load that bots place on your site in such a short time span. Think Azure, GCloud and AWS. Throttling early in the pipeline such as in a proxy or CDN before any code runs on your actual web servers is ideal. Kick the bots early while letting the legitimate traffic through.
    #4
    crazyst888
    New Member
    • Total Posts : 83
    • Reward points : 0
    • Joined: 2009/03/23 22:24:59
    • Status: offline
    • Ribbons : 1
    Re: EVGA devs - here is how you stop the bots 2020/09/19 07:35:58 (permalink)
    @the_Scarlet_one
    No bots? look like someone has egg on there face.


    #5
    vgerik1234
    Superclocked Member
    • Total Posts : 234
    • Reward points : 0
    • Joined: 2007/02/03 11:59:20
    • Status: offline
    • Ribbons : 1
    Re: EVGA devs - here is how you stop the bots 2020/09/19 07:53:48 (permalink)
    Throttling is dangerous depending on the defined value used. 3-5 rps isn't really human but at the same time it could be depending on what the person is looking for during load. Anything higher than that is realistically not going to be used by bots outside of ddos. You have to extensively test this stuff. If you go to prod too early, it can go very badly.

    Did you know that ticketmaster's proxy has our entire company's ip range banned for bottling the past 3 years because we all tried to buy tickets to a show at the same time? Now if any of us want to buy things at work we have to use our slow mobile 4/5g. It's DANGEROUS.
    post edited by vgerik1234 - 2020/09/19 07:56:26


     

     
    #6
    DaWorstPlaya
    New Member
    • Total Posts : 30
    • Reward points : 0
    • Joined: 2019/12/14 18:18:11
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/19 09:26:48 (permalink)
    Given most people are working from home during the pandemic I don't think it will be an issue right now. Plus you really shouldn't be doing personal shopping from a Company network. I say block em, it's a small price to pay to block bots.
    #7
    ejaworsk
    New Member
    • Total Posts : 12
    • Reward points : 0
    • Joined: 2019/02/06 18:28:58
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/19 09:39:52 (permalink)
    EVGA has expressed little concern over the bots compared to the community. It doesn't seem to be that big of a deal, they are making bank. If you feel betrayed as a loyal EVGA customer, its important to understand that this is uniform across the industry. Other retailers were struck by bots and are not readily available, just like EVGA they made bank.
     
    Unless you're going to boycott graphics cards and go live in a cave, I'd recommend to just wait for the market to saturate (3070 release, RDNA2 release). If you truly NEED or want the luxury than enjoy paying the premium on ebay. 
     
    From a business standpoint why is EVGA going to create more work for themselves (preventing bots/creating fair system) just to sell stock slower? Its counterintuitive. 
    #8
    delicieuxz
    New Member
    • Total Posts : 69
    • Reward points : 0
    • Joined: 2009/09/05 08:15:28
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/19 11:14:46 (permalink)
    I think it'd pretty easy to solve the issue of bots and probably the large majority of purchasers by scalpers:
     
    1. Implement a competent captcha to add cards to an online shopping cart. If necessary, resort to a code that's sent to the customers' email that needs to be entered on the store site, or ask a 'what is the 3rd word in the 2nd sentence of the following paragraph' or 'how many wings does a bird have' type of question. Or email customers an anagram or a word spelled backwards, in the middle of a sentence, and ask them to spell it properly on the store website.
     
    2. Send an email link that's required to continue to the billing information stage of the checkout process. Include a couple of other links in that email, and randomize the ordering and titling of them to confound any automated processes.
     
    3. Put a weekly or monthly limit on the number of cards that can be ordered, and check an order's information against shipping, billing, and payment information to catch redundancies and refuse orders with them. The system automatically checks that more than 1 or 2 cards aren't being sent to the same address, or using the same billing address, or being paid for with the same payment information - and any attempts to do so are automatically denied.
     
     
    If companies aren't doing something like this, then it's probably because they don't actually want to stop the bots, the scalping, and the inflation of prices on the cards.
    post edited by delicieuxz - 2020/09/19 13:32:35
    #9
    vgerik1234
    Superclocked Member
    • Total Posts : 234
    • Reward points : 0
    • Joined: 2007/02/03 11:59:20
    • Status: offline
    • Ribbons : 1
    Re: EVGA devs - here is how you stop the bots 2020/09/19 12:26:32 (permalink)
    delicieuxz
    I think it'd pretty easy to solve the bots and probably the large majority of the scalping:
     
    1. Implement a competent captcha to add cards to an online shopping cart.
     
    2. Require an email confirmation to proceed with the checkout process - not to complete it, but to proceed to the billing information stage.
     
    3. Put a weekly or monthly limit on the number of cards that can be ordered using one account, one shipping address, and one billing address as maybe also one shipping location. The system automatically checks that more than 1 or 2 cards aren't being sent to the same address, or using the same billing address, or being paid for with the same credit card - and any attempts to do so are automatically denied.
     
    Or, only take orders by phone, while also having a maximum order limit.
     
    If companies aren't doing something like this, then it's probably because they don't actually want to stop the bots, the scalping, and the inflation of prices on the cards.




    I really like your #2. I would say do what PayPal does and require a 2FA on almost every purchase for the first one in the day/first one after a timeout period of no activity. Even if I am logged in directly to paypal.com, it still requires 2FA to re-login on my first purchase. So maybe enforce PayPal checkout only on initial launch? They could increase the price by a few % to ensure they don't lose too much profit for PayPal's share. However, I don't know enough about PayPal's API and checkout system. It might be even more vulnerable to bots.  
     
    Now-a-days 2FA is basically open source and easily (generally speaking) implementable. However, at the same time adding functionality for old code is not always easy. My company have spent a few years trying to migrate an internal website from .net to .net core and its basically a money sink. At this point EVGA is probably severely limited in what new features they can add to their site. Maybe in the future if they ever do evga.com v2, we will see some of this stuff. I just think we should keep our expectations and demands in check.


     

     
    #10
    vapingforjesus
    New Member
    • Total Posts : 18
    • Reward points : 0
    • Joined: 2020/08/23 17:09:41
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/19 16:26:19 (permalink)
    what about two-factor verification for purchases?
    #11
    zeroseoul
    Superclocked Member
    • Total Posts : 105
    • Reward points : 0
    • Joined: 2013/01/26 20:04:43
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/19 22:44:19 (permalink)
    So to play devils advocate, what happens if I write a bot that gets all 100 cards, and keeps them saved away?

    Current Build:
    CPU: Intel i7-8770k @ stock speeds
    Motherboard: ASUS PRIME z370-A
    Memory: 16 GB Corsair Vengence
    GPU: GTX 970 FTW
    Power Supply: EVGA Supernova 750G2
    #12
    mothman2333
    New Member
    • Total Posts : 3
    • Reward points : 0
    • Joined: 2019/02/20 00:56:19
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/20 02:20:42 (permalink)
    From what I've read, bots couldn't have bought all these cards quickly because the maker of the bots would need to know alot of info in advance that they couldn't know, unless it was an inside job...., but seriously, I did read a well explained and long comment on a YouTube video explaining how "bots" couldn't have done this and basically its an excuse for all these companies to use. I have no personal experience with bots so I post this comment here to see what someone else might say.
    #13
    Hoggle
    EVGA Forum Moderator
    • Total Posts : 6337
    • Reward points : 0
    • Joined: 2003/10/13 22:10:45
    • Location: Eugene, OR
    • Status: offline
    • Ribbons : 4
    Re: EVGA devs - here is how you stop the bots 2020/09/20 02:43:53 (permalink)
    I think a lot of the issue was just the site being overwhelmed by traffic that was human. I don't think bots really bought them all but I do think that this is the most interest we have seen in a graphics card in years and possibly ever. When you realize everyone complaining about the launch is someone who tried to get one but couldn't you realize it is a huge amount of real life human gamers. I should say I tried to get one but the site wasn't loading and I finally gave up. I signed up to be auto notified and will wait a few weeks and am sure I will get one soon enough.
    post edited by Hoggle - 2020/09/20 02:46:34

    Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it. 
     
     
    #14
    Feklar
    New Member
    • Total Posts : 71
    • Reward points : 0
    • Joined: 2007/05/08 13:01:44
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/20 14:08:59 (permalink)
    Auto notify? I've been buying Evga cards for 15 years, and have tried many times and auto notify has not worked once ever. Once you get the notification, the product is long gone.
    #15
    Gunsvnvmc
    SSC Member
    • Total Posts : 613
    • Reward points : 0
    • Joined: 2008/10/28 14:16:00
    • Location: Ardmore OK
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/20 16:41:23 (permalink)
    Feklar
    Auto notify? I've been buying Evga cards for 15 years, and have tried many times and auto notify has not worked once ever. Once you get the notification, the product is long gone.


    +1



     
    Elite ID: NIRFPZ2AFBYQ56SSJ7EV
     
     A lesson unlearned will be retaught
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    #16
    mothman2333
    New Member
    • Total Posts : 3
    • Reward points : 0
    • Joined: 2019/02/20 00:56:19
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/20 17:26:41 (permalink)
    Ive signed up for auto-notify also but Im going to be checking every so often through out the day. If it wasn't for my work schedule, I would check after midnight or 3 a.m. EST, since thats when websites might roll over on their available stock, it could be 6 or 9 a.m. EST though also. Depends on where the companies headquarters is located sometimes. I just recently heard this though.
    #17
    Ogredose
    Superclocked Member
    • Total Posts : 102
    • Reward points : 0
    • Joined: 2020/09/25 12:35:42
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/27 21:07:54 (permalink)
    Yeah, autonotify doesn't really work. But, oh well, such is the way of things
    #18
    amd098
    New Member
    • Total Posts : 96
    • Reward points : 0
    • Joined: 2020/06/03 09:17:47
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/27 22:46:30 (permalink)
    Feklar
    Auto notify? I've been buying Evga cards for 15 years, and have tried many times and auto notify has not worked once ever. Once you get the notification, the product is long gone.


    haha yea, i love nvidia and newegg telling me something is in stock just now... but in reality that was 4 hours ago and its been gone

    Goodbye and Goodnight, Bang!
    #19
    ethan93m
    New Member
    • Total Posts : 100
    • Reward points : 0
    • Joined: 2020/09/28 08:07:01
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/28 09:41:34 (permalink)
    agree
    #20
    gterry180
    Superclocked Member
    • Total Posts : 101
    • Reward points : 0
    • Joined: 2013/05/26 20:48:40
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/28 14:39:47 (permalink)
    Don't buy scalped hardware and hope they get enough product out to make it not worth their while...
    #21
    da3wilson
    Superclocked Member
    • Total Posts : 102
    • Reward points : 0
    • Joined: 2020/09/24 06:09:22
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/28 18:49:06 (permalink)
    gterry180
    Don't buy scalped hardware and hope they get enough product out to make it not worth their while...


    There are still so many people that will pay a premium. Having a card for an extra month or two is definitely worth it to some people. I'll be patient even though I already sold my 2080. Taking a few weeks or a month off isn't a big deal, but some people seem to think it is.
    #22
    Nereus
    Omnipotent Enthusiast
    • Total Posts : 13070
    • Reward points : 0
    • Joined: 2009/04/09 20:05:53
    • Location: Brooklyn, NYC.
    • Status: offline
    • Ribbons : 43
    Re: EVGA devs - here is how you stop the bots 2020/09/28 18:52:16 (permalink)
     
    How to deal with bots, lesson #1:

     
    post edited by Nereus - 2020/09/28 18:56:40

    ASSOCIATE CODE : CSKKXUT5Q9GVAFR (5-10% off EVGA.com purchases)   |   AFFILIATE/REWARDS CODE : E64DMBSMI6 (EVGA product registration)
      HEATWARE   |   MODSRIGS $1K WIN   |   BUILD   |   MINI-ITX BUILD

    #23
    Caffeinated_Sarcasm
    Superclocked Member
    • Total Posts : 106
    • Reward points : 0
    • Joined: 2010/11/06 08:49:05
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/28 19:18:33 (permalink)
    gterry180
    Don't buy scalped hardware and hope they get enough product out to make it not worth their while...


    I agree. That would help a lot, but there's a minority of people willing to buy marked up cards, just to have the latest and greatest.
    #24
    thefinalhope
    New Member
    • Total Posts : 100
    • Reward points : 0
    • Joined: 2010/05/19 00:43:23
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/28 19:23:10 (permalink)
    There will always be a market for scalped cards unfortunately, it's not as simple as 'just don't buy it'. The people who buy these overpriced scalped cards the ones that are not checking out forums where people are saying this. 
    #25
    Caffeinated_Sarcasm
    Superclocked Member
    • Total Posts : 106
    • Reward points : 0
    • Joined: 2010/11/06 08:49:05
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/29 10:22:47 (permalink)
    thefinalhope
    There will always be a market for scalped cards unfortunately, it's not as simple as 'just don't buy it'. The people who buy these overpriced scalped cards the ones that are not checking out forums where people are saying this. 


    You're absolutely right, of course. A man can dream, though.
    #26
    nosoul05
    Superclocked Member
    • Total Posts : 103
    • Reward points : 0
    • Joined: 2020/09/18 06:13:49
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/09/30 20:15:18 (permalink)
    The program where you can buy if you've already owned one is a good start. Maybe even have a sign up with a raffle to allow ppl to purchase
    #27
    Phil6970
    New Member
    • Total Posts : 31
    • Reward points : 0
    • Joined: 2020/10/01 18:12:27
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/10/01 19:14:47 (permalink)
    I signed up for 4-5 different websites autonotify prior to launch.  Not one email.

    Intel 10920X/Aorus Gaming 9 X299/ Corsair Dominator Platinum Pro RGB 8x8Gb/ Asus GTX1080ti
    #28
    Caffeinated_Sarcasm
    Superclocked Member
    • Total Posts : 106
    • Reward points : 0
    • Joined: 2010/11/06 08:49:05
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/10/01 19:27:28 (permalink)
    I actually got a couple emails from Newegg a couple days ago. Still sold out by the time I got there, but it's a good sign that the systems are starting to work again.
    #29
    darkknight6663
    New Member
    • Total Posts : 41
    • Reward points : 0
    • Joined: 2017/06/15 19:22:58
    • Status: offline
    • Ribbons : 0
    Re: EVGA devs - here is how you stop the bots 2020/10/03 17:31:39 (permalink)
    auto notify doesn't work. what i've found is following discord servers. when the chat stops posting crappy memes, then you know theres one in stock
    #30
    Page: 12 > Showing page 1 of 2
    Jump to:
  • Back to Mobile